Payment Gateway Testing – What, Types, DOs & DONTs

A payment gateway system is an e-commerce application service that authorizes credit/debit card payments for online purchases. The payment gateway must keep credit card details secure by encrypting the data, mainly credit card numbers, account holder details and so on. This information should pass securely between the customer and the merchant, in both directions.

Types of Payment Gateway System

There are 2 types of Payment Gateway system available.

1) Hosted Payment Gateway

This system redirects the customer away from the e-commerce site to the payment processing page of the selected gateway; once the payment transaction is completed, the customer is redirected back to the site. PayPal, WorldPay, etc. are some reputed providers of hosted payment gateways.

2) Shared Payment Gateway

This system directs the customer to a payment page but keeps them within the application. The customer does not leave the e-commerce site while the payment is processing, which makes this approach simple, sought after and safe. Stripe and eWay are examples.

Testing a payment gateway is much like testing other features, but security testing plays a vital role. The main points (testing types) to consider are:

Functionality: All basic functions need to be tested. Does the gateway do what it should? Does it handle orders correctly? Does it perform any extra calculations correctly (for example, when the gateway is used in a country where VAT must be calculated and added at payment time)?

Integration: Integration of the gateway with credit/debit card providers should be properly tested. It is crucial to test negative scenarios as well. It is necessary for the company that the gateway bills (reimburses) the correct amount, but the critical part is that the gateway deals properly with all probable and practical billing faults.

Security: The major concern with a payment gateway is detailed security testing. Verify that data transmitted to the gateway is sent through a secured channel such as HTTPS. Stored data should not contain card holder name, card number, account number and PIN. If the application is required to store the card number (for recurring transactions), it must be stored in encrypted format, visibility of the unencrypted data should be restricted, and access to it should be logged.

Performance: This is a top-priority type of testing, as the payment gateway must be able to respond to the highest number of concurrent users performing transactions through the gateway at the same time.

Certification: The e-commerce site owner should use a payment gateway that provides certification. Certification is necessary for an e-commerce site, or else the site will be responsible for disputed payments. In this situation the gateway provider will supply its tests and test data to evaluate the integration of the payment gateway with the e-commerce site. Some providers allow the site owner to use their tests and test data at the site owner's convenience, while other providers direct site owners through the transactions over the phone and verify them.

Hardware: Some gateway providers are bound to particular hardware. In such cases the hardware integration needs to be tested along with the payment process.

Batch vs Per-Transaction providers: A few providers use batch processing, meaning they give a tentative authorization at the time of the transaction, but full authorization and funds transfer occur only in the end-of-day batch processing. This limits the size of a batch, so the site owner should perform more transactions in a day than the fixed limit to be sure that batches are split correctly and all the transactions are processed.

Things to Consider Before Selecting a Gateway Package

Transaction Fees: When a payment transaction is completed, a few gateways will charge you for letting you use their app. You will pay either a flat fee per transaction, a defined percentage commission on each purchase value, or a combination of both charges.

On-Form Payments: If a pre-built form integrated with a payment gateway is used to collect funds, the site owner should pay attention to this point. A few gateways collect payment straight from the given form, while others take users to a separate page to complete the purchase transaction.